Burp Suite User Forum

Create new post

Request interception

eax | Last updated: Jul 05, 2019 01:11PM UTC

Hi there, I'm aware that if you register a IHttpListener you are able to intercept requests before they are sent out. Is it also possible to intercept a request prior to assigning it a tool, for example, the scanner? The purpose is to exclude certain parameters from the initial request, send the result of that to the scanner and as soon the scanner is done; the initial parameters are added back to the request and then sent out. Any input is much appreciated. Thank you for your time!

Liam, PortSwigger Agent | Last updated: Jul 05, 2019 01:36PM UTC

Have you tried sending the request to Burp Repeater using the context menu? From here, you can test or edit the request and use the context menu to send it to Burp Scanner.

Burp User | Last updated: Jul 05, 2019 01:58PM UTC

Well, that might work actually. I guess I will have to make an alternative to "Do an active scan"; Chain of events would be looking like this then: 1. "My extension" is triggered on a request; 2. that request is sent to Repeater; 3. Repeater strips away the parameters from the request and sends it to the Scanner; 4. Scanner inserts its payload; 5. Scanner sends out the adjusted request; 6. that request is intercepted using a IHttpListener; 7. my adjusted parameters added back to the request 8. final request is sent out. I will try this out. Thanks !

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.